FBI Exposes China's Out-of-Control Hacker-for-Hire Ecosystem
Severity: High (Score: 74.0)
Sources: Theregister
Summary
The FBI has highlighted the rampant hacker-for-hire ecosystem in China, which operates under the direction of the country's intelligence agencies. Brett Leatherman, assistant director of the FBI's cyber division, stated that these private companies exploit vulnerable computers to gather sensitive information for profit, often selling it to the Chinese government or on the dark web. The recent extradition of Xu Zewei from Italy marks a significant development, as he faces nine hacking-related charges linked to state-sponsored cyber operations. These operations included the exploitation of zero-day vulnerabilities in Microsoft Exchange, affecting over 12,700 organizations in the U.S. and targeting research institutions during the COVID-19 pandemic. The indictment details Xu's role in coordinating hacking activities and supervising other hackers under the direction of the Shanghai State Security Bureau. This situation underscores the serious implications for cybersecurity and international relations, as the FBI warns that the protections assumed by these hackers do not extend beyond China's borders. Key Points: • China's hacker-for-hire ecosystem is directed by state intelligence agencies. • Xu Zewei was extradited from Italy and faces multiple hacking charges. • The operations included exploiting Microsoft Exchange vulnerabilities affecting thousands of U.S. organizations.